
Senior Vulnerability Analyst

Job description

POSITION DESCRIPTION


The ideal candidate will possess a working knowledge of critical built-in security practices and a strong working knowledge of vulnerability management and penetration testing (researching, identifying, reporting, validating, reproducing vulnerabilities and providing consultation upon request). Applicants must have excellent written and oral communication skills and be highly effective at influencing individuals outside their reporting structure. The candidate must also be proficient in the use of Microsoft Suite, and understand Scaled Agile delivery frameworks. Successful applicants will be charged with significantly reducing vulnerabilities, validating findings, conducting end-to-end penetration tests, improving ongoing cyber-hygiene, and assisting in the continuous improvement of our enterprise-wide threat and vulnerability management program.

RESPONSIBILITIES

• Manage engagement scoping and requirements for penetration testing services
• Conduct network and application penetration testing at an advanced level
• Develop comprehensive actionable deliverables resulting from engagements
• Collaborates with Windows, Unix, Linux and IT Infrastructure teams to drive remediation of reported vulnerabilities through risk/threat-based assessment of security controls and tools
• Articulate risk and business impact to stakeholders
• Ability to convey the urgency and need to remediate vulnerabilities
• Develops and maintains vulnerability and response artifacts systematically to produce metrics that can measure the overall program maturity and progress
• Creates visibility and awareness at the appropriate levels, including executive leadership teams, the CISO and others, of vulnerabilities that require attention
• Demonstrates ability to strike a balance between strategic and tactical activities required to run the vulnerability response and remediation efforts
• Cultivates the practice of staying abreast of the latest trends and developments in vulnerability response and remediation activities followed across the industry
• Actively reviews public and private vulnerability notifications/disclosures, consumes research findings and prioritizes remediation efforts
• Research exploit techniques and mitigation strategies
• Build relationships and become a trusted advisor with BU and technology owners to influence change and drive ownership and accountability

MINIMUM REQUIREMENTS

6+ years’ experience in Vulnerability Management
4+ years of direct penetration testing experience with multiple toolsets

CRITICAL SKILLS

• Good working knowledge of industry and commonly adopted security standards and practices (e.g. applicable NIST standards, CIS, ISO, OWASP, SANS, BSIMM, and CERT)
• Administration experience with any of the following: Nessus, Rapid7, Qualys, Core Impact, Metasploit and other scanning and analysis solutions
• Experience with automated and manual penetration testing
• Provide data management and analysis for activities and continuous project initiatives
• Use various data sources to identify and solve for programmatic needs and gaps in IT system coverage.
• Participate in strategic planning with regards to program development of IT Systems Assurance
• Assist with program assessments ensuring programmatic goals are well documented
• Perform data validation and quality control checks to ensure adherence to ETS/ISRM protocols
• High proficiency with MS Office productivity applications and Visio

ADDITIONAL KNOWLEDGE AND SKILLS

• Knowledge regarding healthcare IT
• Consulting background
• Experience in large highly segmented and regulated organizations

EDUCATION

• 4-year degree in computer science or related field or equivalent experience

PREFERRED CERTIFICATIONS

GCWN, GWAPT, GPEN, GCUX, CEHv10, GXPN, OSCP, CISSP

PHYSICAL REQUIREMENTS

• General Office Demands

Please email your CV to ggardiner@sigmar.ie to discuss the role in further detail

Following your application for this specific role, Sigmar may contact you regarding other positions that we feel you may be suitable for. If you do not wish to be contacted about other opportunities please let us know. For further information please refer to the Privacy Statement on our website.
